LuminHive handles calls, leads and customer records for your business. Here is exactly how that data is separated, stored and protected — in plain terms, with no security theatre.
Tenant isolation
Every business on LuminHive is a separate tenant. No customer can read another customer's data, and that is enforced by the database itself rather than by application code that could be bypassed.
- Row-Level Security on every table. Each tenant-scoped table carries a policy that filters every read and every write to the signed-in tenant.
- Your tenant is taken from your signed session token — never from anything the browser sends us. A request cannot ask for another tenant's data by changing a parameter.
- Isolation is tested, not assumed. We run an automated cross-tenant test suite that tries to read and write across tenant boundaries in both directions. It must pass before any database or policy change ships.
Where your data lives
Your data is stored in the United Kingdom (London region). It is encrypted in transit with TLS and encrypted at rest by our infrastructure provider.
Payments
Card payments are processed by Stripe. Card numbers never reach LuminHive's servers and we do not store them. Stripe is a PCI-DSS Level 1 certified service provider.
Access and credentials
- Secrets are held in a managed vault, never committed to source control.
- Internal monitoring reads production with a least-privilege, read-only credential scoped to the few tables it needs — not an administrative key.
- Database functions run with a pinned search path so they cannot be hijacked by shadowed objects.
Data protection and your rights
LuminHive is built for UK GDPR, EU GDPR and the California CCPA/CPRA. The platform includes a self-service data deletion flow, and you can export or erase your business's data on request. Full detail is in our Privacy Policy.
What we do not claim
LuminHive is not currently SOC 2 or ISO 27001 certified. We would rather tell you that than imply a certification we do not hold. If your procurement process needs a security questionnaire or a Data Processing Agreement, email us and we will complete it.
Reporting a vulnerability
If you believe you have found a security issue, please email hello@lumin-hive.com with the details. We will acknowledge your report and keep you updated while we investigate. Please do not publicly disclose an issue before we have had a chance to fix it.